Hallo liebe Fachleute,

ich bin schon recht lange im Internet unterwegs und bisher konnten mir dank AntiViren-Software und dergleichen nicht wirklich ein Virus oder Adware bedrohen, aber diesmal haben sie es geschafft. Es poppen ständig so nervende Flash-Pop-Ups auf - egal ob ich den Browser auf habe oder nicht. Zudem werden meine Suchabfragen meist mit einem zusätzlichen Spotresults.com-Browser-Fenster "belohnt". Ich habe extra vergangene Woche PestPatrol bestellt, damit ich endlich die zahllosen Flash-PopUp-Fenster und Spotresults.com-Umleitungen wegbekomme, aber auch das Programm wird der Lage nicht herr.

Daher meine Anfrage an Euch ... habe das System mit allen frei erhältlichen Tools wie S&D, Adware, Hitman Pro, Spyware Sweeper, CWSShredder, Spyware Doctor checken lassen, aber ich bekomme es nicht weg. Es hat mich sicher schon 1 komplette Woche Arbeitszeit gekostet Auch mein AntiVir-Virenscanner findet nichts. CWSShredder meldet stets, dass ein Look2Me REMOVED wurde, jedoch egal wie oft (auch abgesicherter Modus mit abgestellter Systemwiederherstellung) ich den Shredder laufen lasse, es popt weiter munter up und wenn ich meinen IE oder Opera benutze, geht ständig spotresults oder searc-h.com auf. ... ach, den Windows-Nachrichtendienst habe ich mit XPAniSpy auch deaktiviert.

Ich ergebe mich ... und lass die Hosen runter / hijack-Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 15:23:57, on 22.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\D-Tools\daemon.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\Winamp\winampa.exe
E:\installprogz\OmniPage\opware32.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\0190WA~1\WARN0190.EXE
C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programme\Saitek\Software\Profiler.exe
C:\Programme\Saitek\Software\SaiSmart.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\TBLMOUSE.EXE
E:\instal~3\steam\steam.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
E:\INSTALLPROGZ\sipgate X-Lite\sipgateXLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\FRITZ!\IWatch.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programme\RealVNC\VNC4\winvnc4.exe
C:\Programme\FRITZ!\FriFax32.exe
E:\INSTALLPROGZ\WinTVMPEG\Ir.exe
C:\WINDOWS\system32\javaw.exe
E:\INSTALLPROGZ\TYPSoft FTP Server\ftpserv.exe
C:\Programme\NetLimiter\NetLimiter.exe
C:\Programme\WinBar\WinBar.exe
C:\PROGRA~1\0190WA~1\w0svc.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
E:\INSTALLPROGZ\MS AntiSpyware Beta\gcasDtServ.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\PuTTY\pageant.exe
C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
F:\ProgInstall\LeapFTP\LeapFTP.exe
C:\Programme\Winamp\winamp.exe
C:\DOKUME~1\d\LOKALE~1\Temp\~e5d141.tmp
C:\DOKUME~1\d\LOKALE~1\Temp\~e5d141.tmp


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.netcologne.de:8080
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\INSTALLPROGZ\865i\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\INSTALLPROGZ\SnagIt7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OmniPage] e:\installprogz\OmniPage\opware32.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [0190 Warner] C:\PROGRA~1\0190WA~1\WARN0190.EXE
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Profiler] C:\Programme\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Programme\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [eTrustPPAP] "E:\INSTALLPROGZ\PestPatrol\PPActiveDetection.exe"
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Programme\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Steam] "e:\instal~3\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [XSC SIP Client] "E:\INSTALLPROGZ\sipgate X-Lite\sipgateXLite.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "E:\INSTALLPROGZ\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: WinBar.lnk = C:\Programme\WinBar\WinBar.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: PowerISDNMonitor 4.1.3.lnk = E:\INSTALLPROGZ\PowerISNDMonitor\pimjava.exe
O4 - Global Startup: Run VNC Server.lnk = C:\Programme\RealVNC\VNC4\winvnc4.exe
O4 - Global Startup: FRITZ!fax.lnk = C:\Programme\FRITZ!\FriFax32.exe
O4 - Global Startup: AutoStart IR.lnk = E:\INSTALLPROGZ\WinTVMPEG\Ir.exe
O4 - Global Startup: TYPSoft FTP Server.lnk = E:\INSTALLPROGZ\TYPSoft FTP Server\ftpserv.exe
O4 - Global Startup: AntiVir Guard.lnk = C:\Programme\AVPersonal\AVGNT.EXE
O4 - Global Startup: Netlimiter.lnk = C:\Programme\NetLimiter\NetLimiter.exe
O4 - Global Startup: Spybot - Search & Destroy.lnk = C:\Programme\Spybot\SpybotSD.exe
O4 - Global Startup: Microsoft AntiSpyware.lnk = E:\INSTALLPROGZ\MS AntiSpyware Beta\GIANTAntiSpywareMain.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Easy-WebPrint Drucken - res://E:\INSTALLPROGZ\865i\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://E:\INSTALLPROGZ\865i\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Vorschau - res://E:\INSTALLPROGZ\865i\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://E:\INSTALLPROGZ\865i\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\INSTAL~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Preispiraten 2.1 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\INSTAL~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .tif: C:\Programme\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/Pes...r/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1122133971234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125397952859
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\fpjo0313e.dll
O23 - Service: 0190/0900 Warner Überwachungsdienst (0190_0900_Warner_MonitorService) - Mirko Böer - C:\PROGRA~1\0190WA~1\w0svc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Free Proxy Service (FreeProxy) - Unknown owner - C:\Programme\FreeProxy\FreeProxy.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

Leider Gottes kann ich nichts Verdächtiges im Log finden. Ist jemand von Euch in der Lage mir aus dieser misslichen Lage zu helfen? Ich möchte endlich wieder ohne Pop-Ups surfen und arbeiten können. Während dem Verfassen dieser Nachricht sind wieder 3 so Fenster aufgepoppt

Beste Grüße,
Armin

Hallo,
das scheint mir ja eine härtere Nuss zu sein, am besten du läßt gleich noch mal Escan (Anleitung genau beachten!) drüberlaufen und postest dann den Inhalt der eScan_neu.txt.
bei HijackThis ist mir eigentlich nur der O20 Eintrag aufgefallen, lade mal LSPfix runter und führe es aus, und schau mal ob da eine fpjo0313e.dll auftaucht, wenn ja auf "i know what i am doing" ankreuzen und die Datei auf die Linke Seite (falls nicht schon dort) schieben und auf finish klicken.



Grüße Wildone

Danke Jasager,

ich mache jetzt erstmal ein Ghost-Backup meines Systems. Anschließend werde ich nach der Anleitung eScan durchführen und das Ergebnis hier reinposten.

Gruß,
Armin

Hi ,


fpjo0313e.dll hab ich gegoogelt und nichts dazu gefunden.
Eventuell ist diese .dll infiziert oder für die Popups verantwortlich.

Kann aber auch sein dass es ein wichtiger Treiber ist.
Ich würd die fpjo0313e.dll noch belassen und die Meinung von Admins,Moderatoren und anderen HijackThis Experten abwarten.


Uups, da hat sich mein Post zeitlich mit anderen Antworten überschnitten

Hallo,
bin mir eigentlich recht sicher, da einer der google hits (der zweite hier im Board)
hat folgenden Eintrag in der Escan Auswertung:
File C:\WINNT\system32\fpjo0313e.dll infected by "not-a-virus:AdWare.Look2Me.ab" Virus. Action Taken: No Action Taken.
das passt ja schon sehr gut zu der Beschreibung des TE, aber wir können auch das Escan Ergebnis abwarten.



Grüße Wildone

Folgendes Ergebnis spuckte eScan aus - was muss ich nun machen bzw. was kann ich (wie) löschen?

Danke für Eure Hilfe!!!

Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bonzibuddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eUniverse/Keenvalue variant Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ImageUploader3.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\RdxIE.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxwma.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Adobe\Fonts\Reqrd\Base\AdobeFnt.lst". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\RdxIE.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\Default.rul". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Preispiraten\Uninstall.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Adobe\TypeSpt\MojiKumi\Photoshop6MojiKumi". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Adobe\Hyphenation\usa37.hyp". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\CIERGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\NTSC1953.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\PAL_SECAM.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\pcd4050e.icm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\pcd4050k.icm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\pcdcnycc.icm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\pcdekycc.icm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\pcdkoycc.icm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\SMPTE-C.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\stdpyccl.icm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\WideGamutRGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\AdobeRGB1998.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\AppleRGB.icc". Action Taken: No Action Taken.

Teil 2:
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\ColorMatchRGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\EuroscaleCoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\EuroscaleUncoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\USSheetfedCoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\USSheetfedUncoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\USWebCoatedSWOP.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\spool\DRIVERS\COLOR\USWebUncoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\drivers\Cdr4_2K.sys". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "E:\INSTALLPROGZ\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\IDAPINST.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ImageUploader3.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "E:\INSTALLEDGAMEZ\RaymanM\binkw32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "E:\INSTALLEDGAMEZ\RaymanM\stlport_vc6.4.1.b6.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "%JavaDir%\QTJava.zip". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ASAPI" refers to invalid object "C:\Programme\VOB\ASAPI Update\ASAPI". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\system32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\easy-bib.exe" refers to invalid object "e:\installprogz\easybib\PROGRAM\myapp.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Easy-WebPrint" refers to invalid object "E:\INSTALLPROGZ\865i\Easy-WebPrint\Easy-WebPrint". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ecs_setup.exe" refers to invalid object "C:\Programme\Sony Ericsson\Communications Suite\ecs_setup.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\fricom32.exe" refers to invalid object "C:\Programme\FRITZ!\fricom32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\frijrn32.exe" refers to invalid object "C:\Programme\FRITZ!\frijrn32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\frivox32.exe" refers to invalid object "C:\Programme\FRITZ!\frivox32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\mppinst.exe" refers to invalid object "E:\INSTALLPROGZ\RealPlayer\mppinst.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Pamela.exe" refers to invalid object "C:\Programme\Pamela\pamela.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\PhotoStitch.Exe" refers to invalid object "C:\Programme\Canon\PhotoStitch\PhotoStitch.Exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\RegCloneDVD2.exe" refers to invalid object "E:\INSTALLPROGZ\CloneDVD\CloneDVD2\RegCloneDVD2.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Programme\ATI Technologies\ATI Control Panel\setup.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe" refers to invalid object "C:\Programme\AntiVirenKit 2005\yourapp.Exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton AntiVirus\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton Internet Security\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton Internet Security\Norton AntiVirus\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".36". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Ad-aware 6 Personal". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Ad-Aware SE Professional". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Anti-Leech ALIE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DivX Codec". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DivX Player". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Language pack for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.0)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.0.4)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.0PR)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SBSoft". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Steinberg WaveLab v4.00c". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SymSetup.{C6B28661-7910-442E-ADDD-72EAA8395380}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WinBar XP_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "XviD". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{E8D25E54-D172-4FB0-929B-48D51E2E9C6D}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{FB015BB0-5518-4767-9DE4-F9A5C7C62E46}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0029EA03-63CA-442D-8EDC-3E624F0F7738}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISLuCbk.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0180E49C-13BF-46DB-9AFD-9F52292E1C22}" refers to invalid object "C:\WINDOWS\system32\DVobSub.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{039C58B0-3B22-11d3-902C-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{03D29100-205D-11d3-9024-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{096F54CF-6ED7-4725-AFBF-29C5AFF8BFAC}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C5B0CED-206B-4c39-B615-0EB23C824612}" refers to invalid object "C:\Program Files\Common Files\Adobe\Shell\AIIcon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0F754BB5-4299-474F-879E-3AACF49E48E0}" refers to invalid object "E:\INSTALLPROGZ\OfficeXP01\Office10\WINWORD.EXE /IMG_WIA". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{295C4C53-1D29-11D3-9024-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{31B342A0-E26C-11CE-B639-00C0D10801C4}" refers to invalid object "C:\Programme\FRITZ!\frijrn32.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{387A3FA2-53F4-445F-99A8-18039DF74E39}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{38D30597-1F3A-431F-8679-846677A8B392}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3A1FBE09-D1E1-4421-9A8F-8AB9DC73B325}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Symantec Shared\SLTCHK01.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3C7A5400-3B22-11d3-902C-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{41C4D969-6F04-405d-A186-7B8ACBAA1C1B}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{45AD9C63-B8EE-4487-970B-F7FA2F6EE9CD}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{46066160-3B04-11d3-902C-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4689DE00-371E-437a-A293-EBE4463AF796}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\fwUI.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4A263C1C-EBCA-4774-BD1B-AFFD07DBFCD2}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4B12A8B7-32CD-4D00-988D-A62AEF70F145}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4F6EAB4C-A792-4F73-A0EA-4FAFB3643628}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\fwUI.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{51F26AB6-546F-45E9-9C2A-A7BE75393E09}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\fwUI.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{525F116F-04AD-40A2-AE2F-A0C4E1AFEF98}" refers to invalid object "C:\WINDOWS\system32\DVobSub.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{56336BCA-3D8A-11d6-A00B-0050DA18DE71}" refers to invalid object "C:\DOKUME~1\d\LOKALE~1\Temp\InfoWindow.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{597CAA70-72AA-11CF-831E-524153480000}" refers to invalid object "E:\INSTAL~1\MACROM~1\FLASHM~1\Flash.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5B0BBAF0-3E3D-11d3-902C-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5FAB35FB-855A-489d-AC41-FBF8004C0330}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{60765CF5-01C2-4EE7-A44B-C791CF25FEA0}" refers to invalid object "C:\WINDOWS\system32\DVobSub.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{64695B9D-EBFB-40c7-A869-989975A91BB1}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{65F9FD81-C49B-4C2A-8994-7DA2312ADDDC}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6802E635-CB18-F544-790D-700BAC51E508}" refers to invalid object "C:\WINDOWS\system32\DVobSub.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6DE3F233-DBE6-11d2-AE81-00C04F7FE3EF}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{72E492DD-B841-4D9C-8EBC-3BAC9711F6E5}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\FREInteg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{74E97E78-4948-41AB-9FF4-D21FC69014DD}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{76334026-36FF-406E-B717-87512BE44A44}" refers to invalid object "start ACDSee7.exe /StiDevice:%1 /StiEvent:%2". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78395490-62BE-47B9-A607-FAC8F1E923D3}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{79A00187-F159-4B89-981B-F81D51504201}" refers to invalid object "C:\WINDOWS\system32\DivXAF.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7CA87530-E5EB-4B82-92DB-6299B2116A0A}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\FREInteg.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7D109FA1-238D-11D5-B482-00508BC03E93}" refers to invalid object "G:\__SOFTWARE__\__Desktop__\_Notizzettel_\AnIcon32.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{87F14216-6B5B-41c0-8305-9B1F759A5118}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8891647B-00F9-4C0D-B25F-085667A8A2AC}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8989DE17-223F-4186-9077-BA154530EAD0}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8CA18050-3E49-11d3-902C-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{91092BB2-D736-4c18-8BF5-81A1860FB556}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9385DDC3-90B6-40CD-8367-EFA685B74769}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{93A22E7A-5091-45EF-BA61-6DA26156A5D0}" refers to invalid object "C:\WINDOWS\system32\DVobSub.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9852A670-F845-491B-9BE6-EBD841B8A613}" refers to invalid object "C:\WINDOWS\system32\DVobSub.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A144E330-841A-4FE1-BBAF-57F1CB465C19}" refers to invalid object "C:\WINDOWS\system32\DVobSub.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A2F81DF6-3260-4BCE-8734-555A19DED3F1}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A33737D0-3E45-11d3-902C-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A8B25C0E-0894-4531-B668-AB1599FAF7F6}" refers to invalid object "C:\WINDOWS\system32\DVobSub.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ACE4747B-35BD-4E97-9DD7-1D4245B0695C}" refers to invalid object "C:\WINDOWS\system32\DVobSub.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B04BC1A0-3E49-11d3-902C-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B8A6FF88-9534-4384-893C-2D13EA19F5C5}" refers to invalid object "E:\INSTALLPROGZ\Adobe\Photoshop6\Photoshp.exe /StiDevice:%1 /StiEvent:%2". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B92AD9B0-45F2-11d3-902C-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.

Teil 3:
Entry "HKCR\CLSID\{C2D6D98F-09CA-4524-AF64-1049B5665C9C}" refers to invalid object "C:\WINDOWS\system32\DVobSub.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C8B82070-F7BA-495E-8C3E-789ACBB21236}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CE77C59C-CFD2-429F-868C-8B04D23F94CA}" refers to invalid object "C:\WINDOWS\system32\DVobSub.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D5E1EBD0-3E48-11d3-902C-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DC75FDF0-3E49-11d3-902C-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DF144FBA-E7AF-4EB0-82D4-93B585BEC90F}" refers to invalid object "E:\INSTALLPROGZ\Videotimer\WakeUpTimer.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E508B020-293B-11d4-9055-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E89602DD-B2F4-45af-A083-836ED84B01EE}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE6CCD65-194D-11D3-9024-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE6CCD76-194D-11D3-9024-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE6CCD78-194D-11D3-9024-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE6CCD7B-194D-11D3-9024-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F2A70758-DA39-11D3-B964-00500493A421}" refers to invalid object "C:\WINDOWS\system32\GMAGLUE.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F2A7075F-DA39-11D3-B964-00500493A421}" refers to invalid object "C:\WINDOWS\system32\GMAGLUE.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F544E0F5-CA3C-47EA-A64D-35FCF1602396}" refers to invalid object "C:\WINDOWS\system32\DVobSub.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F768BE08-81D7-400D-8BD9-8B8F8BB0E96D}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Symantec Shared\SLTCHK01.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F9075D50-3E49-11d3-902C-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FAF3B850-3B1A-11d3-902C-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FCA97E20-3B14-11d3-902C-00C04F78ACF9}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVGVIE~1\SVGCON~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{056738E1-E15C-11D6-B876-0050BF5D85C7}" refers to invalid object "C:\Programme\Anti-Leech\ALIE_1.0.1.8\alie.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{20F6AEAC-284A-4022-A0A8-718AB2087D37}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Symantec Shared\SLTCHK01.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3CF85874-1F2A-4C0D-82B9-42213CFB48B0}" refers to invalid object "C:\Programme\SchnapperPro\CommClient.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{472A5A47-F2C6-4DE9-89B4-5ADF1CF57F3C}" refers to invalid object "E:\INSTALLPROGZ\Videotimer\WakeUpTimer.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{4E5A5CBD-2CE8-4085-B515-A20137D70D3D}" refers to invalid object "C:\Programme\Norton Personal Firewall\ACDisp.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{54B0DF71-97D6-493C-834D-99FC9E19D612}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISWrap.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{56EBB89D-BB5A-4408-BA3F-04F68EB28690}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\ISLuCbk.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5CD04EBA-9DAB-11D3-B964-00500493A421}" refers to invalid object "C:\WINDOWS\system32\GMAGLUE.EXE". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6DE3F231-DBE6-11D2-AE81-00C04F7FE3EF}" refers to invalid object "C:\WINDOWS\System32\Adobe\SVG Viewer\SVGControl.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6E2295DE-2B0E-4ED8-91A8-D9E9A514A027}" refers to invalid object "C:\Programme\Norton AntiVirus\IWP\niscmnht.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{7AF322C5-AB43-11D4-A00B-0050DA18DE71}" refers to invalid object "C:\DOKUME~1\d\LOKALE~1\Temp\InfoWindow.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{8C445A83-9D0A-11D3-A8FB-444553540000}" refers to invalid object "C:\WINDOWS\system32\ImagXpr5.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C0DAEDCE-D6C6-4CDB-B9D6-020FC64A660D}" refers to invalid object "C:\Programme\SchnapperPro\SchnapperMain.exe". Action Taken: No Action Taken.
Entry "HKCR\AcroExch.0.3" refers to invalid object "{D7F392D9-5462-391A-14C1-C2496640C624}". Action Taken: No Action Taken.
Entry "HKCR\Adobe.workflow.files\shell\open\command" refers to invalid object ""C:\Programme\Gemeinsame Dateien\Adobe\WorkFlow\AdobeWorkGroupHelper.exe "%1""". Action Taken: No Action Taken.
Entry "HKCR\AheadAutoPlayHandlers.VwList.3" refers to invalid object "{B939AF6C-9E2B-4071-24E9-E732888C46D4}". Action Taken: No Action Taken.
Entry "HKCR\Backstage.Dokument\shell\open\command" refers to invalid object "E:\INSTAL~1\MACROM~1\DREAMW~1\DREAMW~1\DREAMW~1.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\CHROME\shell\open\command" refers to invalid object "C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\system32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\DynSite\shell\open\command" refers to invalid object ""C:\Programme\DynSite\DynSite.exe" "%1"". Action Taken: No Action Taken.
Entry "HKCR\FwUI.FWRuleEditor" refers to invalid object "{A8526C0D-7EBA-41C4-9906-153C23CBF5DB}". Action Taken: No Action Taken.
Entry "HKCR\FwUI.FWRuleEditor.1" refers to invalid object "{A8526C0D-7EBA-41C4-9906-153C23CBF5DB}". Action Taken: No Action Taken.
Entry "HKCR\gopher\shell\open\command" refers to invalid object "C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"". Action Taken: No Action Taken.
Entry "HKCR\HTTP\shell\open\command" refers to invalid object "C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"". Action Taken: No Action Taken.
Entry "HKCR\https\shell\open\command" refers to invalid object "C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"". Action Taken: No Action Taken.
Entry "HKCR\IAS.CddbURLManager" refers to invalid object "{1BF7D410-8D3B-D876-9F63-5F1568BA6161}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\notfile\shell\open\command" refers to invalid object ""G:\__SOFTWARE__\__Desktop__\_Notizzettel_\anote.exe" "%1"". Action Taken: No Action Taken.
Entry "HKCR\PhotoBase.Document" refers to invalid object "{F90E7260-9545-11D0-87A0-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\PhotoBase.Document\shell\open\command" refers to invalid object "e:\installprogz\PhotoBase\PhotoBase\PHBASE.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\Photoshop.SpinButton.2" refers to invalid object "{CB31AF35-0168-6E2B-47FF-8C1E8D07972B}". Action Taken: No Action Taken.
Entry "HKCR\ROXIO.CD.Project" refers to invalid object "{AC62F6B2-9EB0-4A3C-BFC2-75946685FCFB}". Action Taken: No Action Taken.
Entry "HKCR\tixFile\shell\open\command" refers to invalid object ""C:\Programme\DivX\DivX Player\DivX Player.exe" "%1"". Action Taken: No Action Taken.
Entry "HKCR\tvpifile\shell\open\command" refers to invalid object "E:\INSTALLPROGZ\DaVideoVideorec\TVR 2.0\iEpg.exe "/file%l"". Action Taken: No Action Taken.
Entry "HKCR\ZAMailSafe\shell\open\command" refers to invalid object ""C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" -warning "%1"". Action Taken: No Action Taken.
Entry "HKCR\Zb.ZbCmdProcessRawImages" refers to invalid object "{4DCADFA0-556A-4288-AB68-833C51A2CF6B}". Action Taken: No Action Taken.
Entry "HKCR\Zb.ZbCmdProcessRawImages.1" refers to invalid object "{4DCADFA0-556A-4288-AB68-833C51A2CF6B}". Action Taken: No Action Taken.
Entry "HKCR\Zb.ZbCmdRemoteCapture" refers to invalid object "{7D5BAFEE-5A7D-4BB0-B709-A17422EEB658}". Action Taken: No Action Taken.
Entry "HKCR\Zb.ZbCmdRemoteCapture.1" refers to invalid object "{7D5BAFEE-5A7D-4BB0-B709-A17422EEB658}". Action Taken: No Action Taken.
File C:\WINDOWS\system32\wcnetmgr.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\tdaffic.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ddspex.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\dnrawex.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\shrstr.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\kduser.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\fpn8035ue.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\en4ml1h11.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\gpnml3511.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\j6l40g3qe6.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\fp8u03l9e.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ktl4l73q1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\gp02l3do1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mv0ml9d11.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\tJpiui.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\p48qlel51hq.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ktlul7391.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\i842liho184c.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\d60m0gd1e60.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\hr6q05j5e.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\3OViewer.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\r4r6le9s1h.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\o048lahu1d48.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ktn6l75s1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\enlql1351.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\en24l1fq1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\m828lifu1828.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\oytext32.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mv06l9ds1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\dnjo0113e.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\wbsdmoe.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\kwdne.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\u8ru0i99e8.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\i0240afqed2e0.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mkastmib.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mcc42u.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\kt06l7ds1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\i6nmlg5116.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\l68m0gl1e6q.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\jtjs0717e.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\srcpack.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\d\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-48c24613.zip infected by "Trojan-Downloader.Java.OpenStream.u" Virus! Action Taken: No Action Taken.
File C:\Programme\RealVNC\VNC4\winvnc4.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken.
File C:\Programme\RealVNC\VNC4\vncconfig.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken.
File C:\Programme\RealVNC\VNC4\wm_hooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken.
File C:\Programme\RealVNC\VNC4\vncviewer.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken.
File D:\WINNT\system32\omnithread_rt.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.g. No Action Taken.
File D:\WINNT\wt\wtbgm\wtbgmtt.exe tagged as "not-a-virus:AdWare.WinAD". Action Taken: No Action Taken.
File D:\Programme\Gemeinsame Dateien\CMEII\GController.dll tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.
File D:\Programme\Gemeinsame Dateien\CMEII\GStore.dll tagged as "not-a-virus:AdWare.Gator.6051". Action Taken: No Action Taken.
File D:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.

Dickes Sorry für den langen Log ... echt traurig ... zur Erklärung der Reihenfolge. Teil 1 kommt zuerst, dann Teil 2, dann Teil 3 ... alle von oben nach unten ...

Hoffentlich verliert ihr nicht die Lust bei dem langen Log

Hallo,
doch tue ich, öffne die MWAV.LOG, gebe über bearbeiten>>suchen die beiden Stichwörter "tagged" und "infected" ein, und poste die jeweiligen Einträge.



Grüße Wildone

So, die gekürzte Version ... nochmals vielen Dank!

Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bonzibuddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eUniverse/Keenvalue variant Spyware/Adware" found in File System! Action Taken: No Action Taken.
try "HKCR\Zb.ZbCmdRemoteCapture.1" refers to invalid object "{7D5BAFEE-5A7D-4BB0-B709-A17422EEB658}". Action Taken: No Action Taken.
File C:\WINDOWS\system32\wcnetmgr.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\tdaffic.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ddspex.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\dnrawex.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\shrstr.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\kduser.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\fpn8035ue.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\en4ml1h11.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\gpnml3511.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\j6l40g3qe6.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\fp8u03l9e.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ktl4l73q1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\gp02l3do1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mv0ml9d11.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\tJpiui.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\p48qlel51hq.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ktlul7391.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\i842liho184c.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\d60m0gd1e60.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\hr6q05j5e.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\3OViewer.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\r4r6le9s1h.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\o048lahu1d48.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ktn6l75s1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\enlql1351.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\en24l1fq1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\m828lifu1828.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\oytext32.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mv06l9ds1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\dnjo0113e.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\wbsdmoe.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\kwdne.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\u8ru0i99e8.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\i0240afqed2e0.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mkastmib.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mcc42u.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\kt06l7ds1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\i6nmlg5116.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\l68m0gl1e6q.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\jtjs0717e.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\srcpack.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\d\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-48c24613.zip infected by "Trojan-Downloader.Java.OpenStream.u" Virus! Action Taken: No Action Taken.
File C:\Programme\RealVNC\VNC4\winvnc4.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken.
File C:\Programme\RealVNC\VNC4\vncconfig.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken.
File C:\Programme\RealVNC\VNC4\wm_hooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken.
File C:\Programme\RealVNC\VNC4\vncviewer.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken.
File D:\WINNT\system32\omnithread_rt.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.g. No Action Taken.
File D:\WINNT\wt\wtbgm\wtbgmtt.exe tagged as "not-a-virus:AdWare.WinAD". Action Taken: No Action Taken.
File D:\Programme\Gemeinsame Dateien\CMEII\GController.dll tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.
File D:\Programme\Gemeinsame Dateien\CMEII\GStore.dll tagged as "not-a-virus:AdWare.Gator.6051". Action Taken: No Action Taken.
File D:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.
File D:\Programme\RealVNC\WinVNC\winvnc.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.c. No Action Taken.
File D:\Programme\RealVNC\WinVNC\othread2.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.c. No Action Taken.
File D:\Programme\RealVNC\WinVNC\vnchooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.c. No Action Taken.
File G:\__SOFTWARE__\-= Web-Tools =-\vnc-3.3.6-x86_win32.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.c. No Action Taken.
File G:\__SOFTWARE__\__Communication__\vnc-3.3.7-x86_win32.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.c. No Action Taken.
File G:\__SOFTWARE__\__Communication__\netpumper-1.10.3-setup.exe tagged as "not-a-virus:AdWare.Cydoor". Action Taken: No Action Taken.
File G:\__SOFTWARE__\__Communication__\VNC\vnc-4.0-x86_win32.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken.
File G:\__SOFTWARE__\__System__\__Desktop__\Bildschirmschoner - Websites - Freeware\gPhotoShow.exe infected by "Trojan-Dropper.Win32.Small.ff" Virus! Action Taken: No Action Taken.

Hallo,
das ist ja in der Tat eine schöne Sauerei. Also, schalte erst mal die Systemwiederherstellung ab (Rechtsklick auf Arbeitsplatz>>Eigenschaften in der Karteikarte Systemwiederherstellung). Dann gehst du in den abgesicherten Modus und löschst folgende Dateien:


File C:\WINDOWS\system32\wcnetmgr.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\tdaffic.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ddspex.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\dnrawex.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\shrstr.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\kduser.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\fpn8035ue.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\en4ml1h11.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\gpnml3511.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\j6l40g3qe6.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\fp8u03l9e.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ktl4l73q1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\gp02l3do1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mv0ml9d11.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\tJpiui.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\p48qlel51hq.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ktlul7391.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\i842liho184c.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\d60m0gd1e60.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\hr6q05j5e.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\3OViewer.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\r4r6le9s1h.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\o048lahu1d48.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ktn6l75s1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\enlql1351.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\en24l1fq1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\m828lifu1828.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\oytext32.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mv06l9ds1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\dnjo0113e.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\wbsdmoe.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\kwdne.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\u8ru0i99e8.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\i0240afqed2e0.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mkastmib.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mcc42u.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\kt06l7ds1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\i6nmlg5116.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\l68m0gl1e6q.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\jtjs0717e.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\srcpack.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File D:\WINNT\wt\wtbgm\wtbgmtt.exe tagged as "not-a-virus:AdWare.WinAD". Action Taken: No Action Taken.
File D:\Programme\Gemeinsame Dateien\CMEII\GController.dll tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.
File D:\Programme\Gemeinsame Dateien\CMEII\GStore.dll tagged as "not-a-virus:AdWare.Gator.6051". Action Taken: No Action Taken.
File D:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll tagged as "not-a-virus:AdWare.Gator.5115". Action Taken: No Action Taken.
File G:\__SOFTWARE__\__Communication__\netpumper-1.10.3-setup.exe tagged as "not-a-virus:AdWare.Cydoor". Action Taken: No Action Taken
File G:\__SOFTWARE__\__System__\__Desktop__\Bildschirms choner - Websites - Freeware\gPhotoShow.exe infected by "Trojan-Dropper.Win32.Small.ff"

Hast du die Aktion mit LSPfix eigentlich schon durchgeführt, weil nach dem löschen, der fpjo0313e.dll wäre es möglich das dein Internet nicht mehr funktioniert, also versuche diese Datei erstmal mit LSPfix zu entfernen bevor du sie manuell löschst.
Dann löschst du die MWAV.log, wieder Escan laufen lassen, wieder die infected und tagged Einträge posten.



Grüße Wildone

OK, vielen Dank, werde es morgen Vormittag erneut angehen. Wenn mein Internet nicht gesehen sollte, habe ich da wenigstens vorher geschlafen Habe da echt etwas "Respekt" vor, aber ich werd´s genau so machen wie du sagst! Dann wird´s schon irgendwie klappen

Ganz vielen Dank nochmal! Habe da wohl wirklich einen Fachmann gefunden!!!

Hallo,

Zitat:

OK, vielen Dank, werde es morgen Vormittag erneut angehen. Wenn mein Internet nicht gesehen sollte, habe ich da wenigstens vorher geschlafen

lol, mach das das hat noch nie geschadet.

Zitat:

Ganz vielen Dank nochmal! Habe da wohl wirklich einen Fachmann gefunden!!!

Schon mal ein gern geschehen, aber es gibt bei weitem noch hellere Sterne am Firmament.


Grüße Wildone